In this section we are learning session management and control. The first thing we need to know is of course what a session is.
A session, understood literally, is a conversation: a process of communication between two people.
When a browser opens a website, it interacts with the website's server. This is communication between two computers, so we can anthropomorphize it and think of it as a conversation between two devices.
What is special here is that the browser is a piece of software on a computer. It has no appearance, no voice, no ID card... so we do not know who is visiting the website.
If we identified visitors only by IP address, everyone in the same company or the same home would appear with the same IP. One IP may correspond to multiple computers, and an IP may change after use. Using the IP address to uniquely identify a user is therefore unrealistic.
In fact, human society has already solved this problem. Let me tell you two stories about meetings:
When people attended meetings decades ago, they all needed to bring a participation card. This card contained the person's position, name, work unit, photo and other information. During a meeting, the security personnel and organizers only needed to check that information.
Decades later, the process has become more advanced. Before you attend the meeting, a card or badge is issued to you. This badge has a unique number. At the entrance the number is read, and a camera automatically takes a photo of you to complete the admission comparison.
Computers use the same two verification methods:
The method in which people carry all the relevant information on the conference pass is called a cookie. In this mode, the information is saved on the user's computer.
The method in which people only need to bring a number or magnetic card, and that number is used to look up and verify the photo, name and other information, is called a session. It stores only a small set of values locally on the user's computer, and all other information is stored on the server.
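The two models side by side, as an added example that is not part of the original page. It assumes the values travel in HTTP `Cookie` / `Set-Cookie` headers; the function names, the cookie name `sid`, the in-memory `SESSION_STORE` and the sample users are all constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side store for the session model: badge number -> user data.
# (Assumption: an in-memory dict stands in for a real session backend.)
SESSION_STORE = {}

def cookie_mode_login(name, position):
    """Cookie model: every attribute is sent to the browser and kept there."""
    jar = SimpleCookie()
    jar["name"] = name
    jar["position"] = position
    return [m.OutputString() for m in jar.values()]

def cookie_mode_identify(cookie_header):
    """The server can only read back whatever the browser chose to send."""
    jar = SimpleCookie(cookie_header)
    return {key: morsel.value for key, morsel in jar.items()}

def session_mode_login(name, position):
    """Session model: only a random badge number goes to the browser."""
    sid = secrets.token_urlsafe(32)       # unguessable identifier
    SESSION_STORE[sid] = {"name": name, "position": position}
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["httponly"] = True         # hidden from page scripts
    jar["sid"]["secure"] = True           # sent over HTTPS only
    jar["sid"]["samesite"] = "Lax"
    return jar["sid"].OutputString()

def session_mode_identify(cookie_header):
    """Look the badge number up on the server; unknown numbers match nobody."""
    jar = SimpleCookie(cookie_header)
    if "sid" not in jar:
        return None
    return SESSION_STORE.get(jar["sid"].value)

if __name__ == "__main__":
    print(cookie_mode_login("alice", "engineer"))
    header = session_mode_login("alice", "engineer")
    print(header)
    print(session_mode_identify(header.split(";")[0]))
    # Constructed inputs: a cookie edited on the client, and a made-up badge number.
    print(cookie_mode_identify("name=alice; position=director"))
    print(session_mode_identify("sid=made-up-value"))
```

In the cookie model the server reads back `position=director` exactly as the client sent it, while in the session model a value that was never issued finds nothing in the store.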
To explain this in more technical language:
The HTTP protocol is stateless. What does stateless mean? You enter my website address and I send you the data. I don't care if you are Kim San Fat, Abe or Obama.
In reality, a website usually does know who each user is after they log in. These two methods exist in the HTTP protocol: